]>
Commit | Line | Data |
---|---|---|
d5d0e8c7 MH |
1 | /* |
2 | * linux/fs/ext4/crypto_fname.c | |
3 | * | |
4 | * Copyright (C) 2015, Google, Inc. | |
5 | * | |
6 | * This contains functions for filename crypto management in ext4 | |
7 | * | |
8 | * Written by Uday Savagaonkar, 2014. | |
9 | * | |
10 | * This has not yet undergone a rigorous security audit. | |
11 | * | |
12 | */ | |
13 | ||
14 | #include <crypto/hash.h> | |
15 | #include <crypto/sha.h> | |
16 | #include <keys/encrypted-type.h> | |
17 | #include <keys/user-type.h> | |
18 | #include <linux/crypto.h> | |
19 | #include <linux/gfp.h> | |
20 | #include <linux/kernel.h> | |
21 | #include <linux/key.h> | |
22 | #include <linux/key.h> | |
23 | #include <linux/list.h> | |
24 | #include <linux/mempool.h> | |
25 | #include <linux/random.h> | |
26 | #include <linux/scatterlist.h> | |
27 | #include <linux/spinlock_types.h> | |
28 | ||
29 | #include "ext4.h" | |
30 | #include "ext4_crypto.h" | |
31 | #include "xattr.h" | |
32 | ||
33 | /** | |
34 | * ext4_dir_crypt_complete() - | |
35 | */ | |
36 | static void ext4_dir_crypt_complete(struct crypto_async_request *req, int res) | |
37 | { | |
38 | struct ext4_completion_result *ecr = req->data; | |
39 | ||
40 | if (res == -EINPROGRESS) | |
41 | return; | |
42 | ecr->res = res; | |
43 | complete(&ecr->completion); | |
44 | } | |
45 | ||
46 | bool ext4_valid_filenames_enc_mode(uint32_t mode) | |
47 | { | |
48 | return (mode == EXT4_ENCRYPTION_MODE_AES_256_CTS); | |
49 | } | |
50 | ||
51 | /** | |
52 | * ext4_fname_encrypt() - | |
53 | * | |
54 | * This function encrypts the input filename, and returns the length of the | |
55 | * ciphertext. Errors are returned as negative numbers. We trust the caller to | |
56 | * allocate sufficient memory to oname string. | |
57 | */ | |
58 | static int ext4_fname_encrypt(struct ext4_fname_crypto_ctx *ctx, | |
59 | const struct qstr *iname, | |
60 | struct ext4_str *oname) | |
61 | { | |
62 | u32 ciphertext_len; | |
63 | struct ablkcipher_request *req = NULL; | |
64 | DECLARE_EXT4_COMPLETION_RESULT(ecr); | |
65 | struct crypto_ablkcipher *tfm = ctx->ctfm; | |
66 | int res = 0; | |
67 | char iv[EXT4_CRYPTO_BLOCK_SIZE]; | |
68 | struct scatterlist sg[1]; | |
a44cd7a0 | 69 | int padding = 4 << (ctx->flags & EXT4_POLICY_FLAGS_PAD_MASK); |
d5d0e8c7 MH |
70 | char *workbuf; |
71 | ||
72 | if (iname->len <= 0 || iname->len > ctx->lim) | |
73 | return -EIO; | |
74 | ||
75 | ciphertext_len = (iname->len < EXT4_CRYPTO_BLOCK_SIZE) ? | |
76 | EXT4_CRYPTO_BLOCK_SIZE : iname->len; | |
a44cd7a0 | 77 | ciphertext_len = ext4_fname_crypto_round_up(ciphertext_len, padding); |
d5d0e8c7 MH |
78 | ciphertext_len = (ciphertext_len > ctx->lim) |
79 | ? ctx->lim : ciphertext_len; | |
80 | ||
81 | /* Allocate request */ | |
82 | req = ablkcipher_request_alloc(tfm, GFP_NOFS); | |
83 | if (!req) { | |
84 | printk_ratelimited( | |
85 | KERN_ERR "%s: crypto_request_alloc() failed\n", __func__); | |
86 | return -ENOMEM; | |
87 | } | |
88 | ablkcipher_request_set_callback(req, | |
89 | CRYPTO_TFM_REQ_MAY_BACKLOG | CRYPTO_TFM_REQ_MAY_SLEEP, | |
90 | ext4_dir_crypt_complete, &ecr); | |
91 | ||
92 | /* Map the workpage */ | |
93 | workbuf = kmap(ctx->workpage); | |
94 | ||
95 | /* Copy the input */ | |
96 | memcpy(workbuf, iname->name, iname->len); | |
97 | if (iname->len < ciphertext_len) | |
98 | memset(workbuf + iname->len, 0, ciphertext_len - iname->len); | |
99 | ||
100 | /* Initialize IV */ | |
101 | memset(iv, 0, EXT4_CRYPTO_BLOCK_SIZE); | |
102 | ||
103 | /* Create encryption request */ | |
104 | sg_init_table(sg, 1); | |
105 | sg_set_page(sg, ctx->workpage, PAGE_SIZE, 0); | |
a44cd7a0 | 106 | ablkcipher_request_set_crypt(req, sg, sg, ciphertext_len, iv); |
d5d0e8c7 MH |
107 | res = crypto_ablkcipher_encrypt(req); |
108 | if (res == -EINPROGRESS || res == -EBUSY) { | |
109 | BUG_ON(req->base.data != &ecr); | |
110 | wait_for_completion(&ecr.completion); | |
111 | res = ecr.res; | |
112 | } | |
113 | if (res >= 0) { | |
114 | /* Copy the result to output */ | |
115 | memcpy(oname->name, workbuf, ciphertext_len); | |
116 | res = ciphertext_len; | |
117 | } | |
118 | kunmap(ctx->workpage); | |
119 | ablkcipher_request_free(req); | |
120 | if (res < 0) { | |
121 | printk_ratelimited( | |
122 | KERN_ERR "%s: Error (error code %d)\n", __func__, res); | |
123 | } | |
124 | oname->len = ciphertext_len; | |
125 | return res; | |
126 | } | |
127 | ||
128 | /* | |
129 | * ext4_fname_decrypt() | |
130 | * This function decrypts the input filename, and returns | |
131 | * the length of the plaintext. | |
132 | * Errors are returned as negative numbers. | |
133 | * We trust the caller to allocate sufficient memory to oname string. | |
134 | */ | |
135 | static int ext4_fname_decrypt(struct ext4_fname_crypto_ctx *ctx, | |
136 | const struct ext4_str *iname, | |
137 | struct ext4_str *oname) | |
138 | { | |
139 | struct ext4_str tmp_in[2], tmp_out[1]; | |
140 | struct ablkcipher_request *req = NULL; | |
141 | DECLARE_EXT4_COMPLETION_RESULT(ecr); | |
142 | struct scatterlist sg[1]; | |
143 | struct crypto_ablkcipher *tfm = ctx->ctfm; | |
144 | int res = 0; | |
145 | char iv[EXT4_CRYPTO_BLOCK_SIZE]; | |
146 | char *workbuf; | |
147 | ||
148 | if (iname->len <= 0 || iname->len > ctx->lim) | |
149 | return -EIO; | |
150 | ||
151 | tmp_in[0].name = iname->name; | |
152 | tmp_in[0].len = iname->len; | |
153 | tmp_out[0].name = oname->name; | |
154 | ||
155 | /* Allocate request */ | |
156 | req = ablkcipher_request_alloc(tfm, GFP_NOFS); | |
157 | if (!req) { | |
158 | printk_ratelimited( | |
159 | KERN_ERR "%s: crypto_request_alloc() failed\n", __func__); | |
160 | return -ENOMEM; | |
161 | } | |
162 | ablkcipher_request_set_callback(req, | |
163 | CRYPTO_TFM_REQ_MAY_BACKLOG | CRYPTO_TFM_REQ_MAY_SLEEP, | |
164 | ext4_dir_crypt_complete, &ecr); | |
165 | ||
166 | /* Map the workpage */ | |
167 | workbuf = kmap(ctx->workpage); | |
168 | ||
169 | /* Copy the input */ | |
170 | memcpy(workbuf, iname->name, iname->len); | |
171 | ||
172 | /* Initialize IV */ | |
173 | memset(iv, 0, EXT4_CRYPTO_BLOCK_SIZE); | |
174 | ||
175 | /* Create encryption request */ | |
176 | sg_init_table(sg, 1); | |
177 | sg_set_page(sg, ctx->workpage, PAGE_SIZE, 0); | |
178 | ablkcipher_request_set_crypt(req, sg, sg, iname->len, iv); | |
179 | res = crypto_ablkcipher_decrypt(req); | |
180 | if (res == -EINPROGRESS || res == -EBUSY) { | |
181 | BUG_ON(req->base.data != &ecr); | |
182 | wait_for_completion(&ecr.completion); | |
183 | res = ecr.res; | |
184 | } | |
185 | if (res >= 0) { | |
186 | /* Copy the result to output */ | |
187 | memcpy(oname->name, workbuf, iname->len); | |
188 | res = iname->len; | |
189 | } | |
190 | kunmap(ctx->workpage); | |
191 | ablkcipher_request_free(req); | |
192 | if (res < 0) { | |
193 | printk_ratelimited( | |
194 | KERN_ERR "%s: Error in ext4_fname_encrypt (error code %d)\n", | |
195 | __func__, res); | |
196 | return res; | |
197 | } | |
198 | ||
199 | oname->len = strnlen(oname->name, iname->len); | |
200 | return oname->len; | |
201 | } | |
202 | ||
5de0b4d0 TT |
203 | static const char *lookup_table = |
204 | "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+,"; | |
205 | ||
d5d0e8c7 MH |
206 | /** |
207 | * ext4_fname_encode_digest() - | |
208 | * | |
209 | * Encodes the input digest using characters from the set [a-zA-Z0-9_+]. | |
210 | * The encoded string is roughly 4/3 times the size of the input string. | |
211 | */ | |
5de0b4d0 | 212 | static int digest_encode(const char *src, int len, char *dst) |
d5d0e8c7 | 213 | { |
5de0b4d0 TT |
214 | int i = 0, bits = 0, ac = 0; |
215 | char *cp = dst; | |
216 | ||
217 | while (i < len) { | |
218 | ac += (((unsigned char) src[i]) << bits); | |
219 | bits += 8; | |
220 | do { | |
221 | *cp++ = lookup_table[ac & 0x3f]; | |
222 | ac >>= 6; | |
223 | bits -= 6; | |
224 | } while (bits >= 6); | |
d5d0e8c7 MH |
225 | i++; |
226 | } | |
5de0b4d0 TT |
227 | if (bits) |
228 | *cp++ = lookup_table[ac & 0x3f]; | |
229 | return cp - dst; | |
d5d0e8c7 MH |
230 | } |
231 | ||
5de0b4d0 | 232 | static int digest_decode(const char *src, int len, char *dst) |
d5d0e8c7 | 233 | { |
5de0b4d0 TT |
234 | int i = 0, bits = 0, ac = 0; |
235 | const char *p; | |
236 | char *cp = dst; | |
237 | ||
238 | while (i < len) { | |
239 | p = strchr(lookup_table, src[i]); | |
240 | if (p == NULL || src[i] == 0) | |
241 | return -2; | |
242 | ac += (p - lookup_table) << bits; | |
243 | bits += 6; | |
244 | if (bits >= 8) { | |
245 | *cp++ = ac & 0xff; | |
246 | ac >>= 8; | |
247 | bits -= 8; | |
248 | } | |
249 | i++; | |
d5d0e8c7 | 250 | } |
5de0b4d0 TT |
251 | if (ac) |
252 | return -1; | |
253 | return cp - dst; | |
d5d0e8c7 MH |
254 | } |
255 | ||
256 | /** | |
257 | * ext4_free_fname_crypto_ctx() - | |
258 | * | |
259 | * Frees up a crypto context. | |
260 | */ | |
261 | void ext4_free_fname_crypto_ctx(struct ext4_fname_crypto_ctx *ctx) | |
262 | { | |
263 | if (ctx == NULL || IS_ERR(ctx)) | |
264 | return; | |
265 | ||
266 | if (ctx->ctfm && !IS_ERR(ctx->ctfm)) | |
267 | crypto_free_ablkcipher(ctx->ctfm); | |
268 | if (ctx->htfm && !IS_ERR(ctx->htfm)) | |
269 | crypto_free_hash(ctx->htfm); | |
270 | if (ctx->workpage && !IS_ERR(ctx->workpage)) | |
271 | __free_page(ctx->workpage); | |
272 | kfree(ctx); | |
273 | } | |
274 | ||
275 | /** | |
276 | * ext4_put_fname_crypto_ctx() - | |
277 | * | |
278 | * Return: The crypto context onto free list. If the free list is above a | |
279 | * threshold, completely frees up the context, and returns the memory. | |
280 | * | |
281 | * TODO: Currently we directly free the crypto context. Eventually we should | |
282 | * add code it to return to free list. Such an approach will increase | |
283 | * efficiency of directory lookup. | |
284 | */ | |
285 | void ext4_put_fname_crypto_ctx(struct ext4_fname_crypto_ctx **ctx) | |
286 | { | |
287 | if (*ctx == NULL || IS_ERR(*ctx)) | |
288 | return; | |
289 | ext4_free_fname_crypto_ctx(*ctx); | |
290 | *ctx = NULL; | |
291 | } | |
292 | ||
293 | /** | |
294 | * ext4_search_fname_crypto_ctx() - | |
295 | */ | |
296 | static struct ext4_fname_crypto_ctx *ext4_search_fname_crypto_ctx( | |
297 | const struct ext4_encryption_key *key) | |
298 | { | |
299 | return NULL; | |
300 | } | |
301 | ||
302 | /** | |
303 | * ext4_alloc_fname_crypto_ctx() - | |
304 | */ | |
305 | struct ext4_fname_crypto_ctx *ext4_alloc_fname_crypto_ctx( | |
306 | const struct ext4_encryption_key *key) | |
307 | { | |
308 | struct ext4_fname_crypto_ctx *ctx; | |
309 | ||
310 | ctx = kmalloc(sizeof(struct ext4_fname_crypto_ctx), GFP_NOFS); | |
311 | if (ctx == NULL) | |
312 | return ERR_PTR(-ENOMEM); | |
313 | if (key->mode == EXT4_ENCRYPTION_MODE_INVALID) { | |
314 | /* This will automatically set key mode to invalid | |
315 | * As enum for ENCRYPTION_MODE_INVALID is zero */ | |
316 | memset(&ctx->key, 0, sizeof(ctx->key)); | |
317 | } else { | |
318 | memcpy(&ctx->key, key, sizeof(struct ext4_encryption_key)); | |
319 | } | |
320 | ctx->has_valid_key = (EXT4_ENCRYPTION_MODE_INVALID == key->mode) | |
321 | ? 0 : 1; | |
322 | ctx->ctfm_key_is_ready = 0; | |
323 | ctx->ctfm = NULL; | |
324 | ctx->htfm = NULL; | |
325 | ctx->workpage = NULL; | |
326 | return ctx; | |
327 | } | |
328 | ||
329 | /** | |
330 | * ext4_get_fname_crypto_ctx() - | |
331 | * | |
332 | * Allocates a free crypto context and initializes it to hold | |
333 | * the crypto material for the inode. | |
334 | * | |
335 | * Return: NULL if not encrypted. Error value on error. Valid pointer otherwise. | |
336 | */ | |
337 | struct ext4_fname_crypto_ctx *ext4_get_fname_crypto_ctx( | |
338 | struct inode *inode, u32 max_ciphertext_len) | |
339 | { | |
340 | struct ext4_fname_crypto_ctx *ctx; | |
341 | struct ext4_inode_info *ei = EXT4_I(inode); | |
342 | int res; | |
343 | ||
344 | /* Check if the crypto policy is set on the inode */ | |
345 | res = ext4_encrypted_inode(inode); | |
346 | if (res == 0) | |
347 | return NULL; | |
348 | ||
349 | if (!ext4_has_encryption_key(inode)) | |
350 | ext4_generate_encryption_key(inode); | |
351 | ||
352 | /* Get a crypto context based on the key. | |
353 | * A new context is allocated if no context matches the requested key. | |
354 | */ | |
355 | ctx = ext4_search_fname_crypto_ctx(&(ei->i_encryption_key)); | |
356 | if (ctx == NULL) | |
357 | ctx = ext4_alloc_fname_crypto_ctx(&(ei->i_encryption_key)); | |
358 | if (IS_ERR(ctx)) | |
359 | return ctx; | |
360 | ||
a44cd7a0 | 361 | ctx->flags = ei->i_crypt_policy_flags; |
d5d0e8c7 MH |
362 | if (ctx->has_valid_key) { |
363 | if (ctx->key.mode != EXT4_ENCRYPTION_MODE_AES_256_CTS) { | |
364 | printk_once(KERN_WARNING | |
365 | "ext4: unsupported key mode %d\n", | |
366 | ctx->key.mode); | |
367 | return ERR_PTR(-ENOKEY); | |
368 | } | |
369 | ||
370 | /* As a first cut, we will allocate new tfm in every call. | |
371 | * later, we will keep the tfm around, in case the key gets | |
372 | * re-used */ | |
373 | if (ctx->ctfm == NULL) { | |
374 | ctx->ctfm = crypto_alloc_ablkcipher("cts(cbc(aes))", | |
375 | 0, 0); | |
376 | } | |
377 | if (IS_ERR(ctx->ctfm)) { | |
378 | res = PTR_ERR(ctx->ctfm); | |
379 | printk( | |
380 | KERN_DEBUG "%s: error (%d) allocating crypto tfm\n", | |
381 | __func__, res); | |
382 | ctx->ctfm = NULL; | |
383 | ext4_put_fname_crypto_ctx(&ctx); | |
384 | return ERR_PTR(res); | |
385 | } | |
386 | if (ctx->ctfm == NULL) { | |
387 | printk( | |
388 | KERN_DEBUG "%s: could not allocate crypto tfm\n", | |
389 | __func__); | |
390 | ext4_put_fname_crypto_ctx(&ctx); | |
391 | return ERR_PTR(-ENOMEM); | |
392 | } | |
393 | if (ctx->workpage == NULL) | |
394 | ctx->workpage = alloc_page(GFP_NOFS); | |
395 | if (IS_ERR(ctx->workpage)) { | |
396 | res = PTR_ERR(ctx->workpage); | |
397 | printk( | |
398 | KERN_DEBUG "%s: error (%d) allocating work page\n", | |
399 | __func__, res); | |
400 | ctx->workpage = NULL; | |
401 | ext4_put_fname_crypto_ctx(&ctx); | |
402 | return ERR_PTR(res); | |
403 | } | |
404 | if (ctx->workpage == NULL) { | |
405 | printk( | |
406 | KERN_DEBUG "%s: could not allocate work page\n", | |
407 | __func__); | |
408 | ext4_put_fname_crypto_ctx(&ctx); | |
409 | return ERR_PTR(-ENOMEM); | |
410 | } | |
411 | ctx->lim = max_ciphertext_len; | |
412 | crypto_ablkcipher_clear_flags(ctx->ctfm, ~0); | |
413 | crypto_tfm_set_flags(crypto_ablkcipher_tfm(ctx->ctfm), | |
414 | CRYPTO_TFM_REQ_WEAK_KEY); | |
415 | ||
416 | /* If we are lucky, we will get a context that is already | |
417 | * set up with the right key. Else, we will have to | |
418 | * set the key */ | |
419 | if (!ctx->ctfm_key_is_ready) { | |
420 | /* Since our crypto objectives for filename encryption | |
421 | * are pretty weak, | |
422 | * we directly use the inode master key */ | |
423 | res = crypto_ablkcipher_setkey(ctx->ctfm, | |
424 | ctx->key.raw, ctx->key.size); | |
425 | if (res) { | |
426 | ext4_put_fname_crypto_ctx(&ctx); | |
427 | return ERR_PTR(-EIO); | |
428 | } | |
429 | ctx->ctfm_key_is_ready = 1; | |
430 | } else { | |
431 | /* In the current implementation, key should never be | |
432 | * marked "ready" for a context that has just been | |
433 | * allocated. So we should never reach here */ | |
434 | BUG(); | |
435 | } | |
436 | } | |
437 | if (ctx->htfm == NULL) | |
438 | ctx->htfm = crypto_alloc_hash("sha256", 0, CRYPTO_ALG_ASYNC); | |
439 | if (IS_ERR(ctx->htfm)) { | |
440 | res = PTR_ERR(ctx->htfm); | |
441 | printk(KERN_DEBUG "%s: error (%d) allocating hash tfm\n", | |
442 | __func__, res); | |
443 | ctx->htfm = NULL; | |
444 | ext4_put_fname_crypto_ctx(&ctx); | |
445 | return ERR_PTR(res); | |
446 | } | |
447 | if (ctx->htfm == NULL) { | |
448 | printk(KERN_DEBUG "%s: could not allocate hash tfm\n", | |
449 | __func__); | |
450 | ext4_put_fname_crypto_ctx(&ctx); | |
451 | return ERR_PTR(-ENOMEM); | |
452 | } | |
453 | ||
454 | return ctx; | |
455 | } | |
456 | ||
457 | /** | |
458 | * ext4_fname_crypto_round_up() - | |
459 | * | |
460 | * Return: The next multiple of block size | |
461 | */ | |
462 | u32 ext4_fname_crypto_round_up(u32 size, u32 blksize) | |
463 | { | |
464 | return ((size+blksize-1)/blksize)*blksize; | |
465 | } | |
466 | ||
467 | /** | |
468 | * ext4_fname_crypto_namelen_on_disk() - | |
469 | */ | |
470 | int ext4_fname_crypto_namelen_on_disk(struct ext4_fname_crypto_ctx *ctx, | |
471 | u32 namelen) | |
472 | { | |
473 | u32 ciphertext_len; | |
a44cd7a0 | 474 | int padding = 4 << (ctx->flags & EXT4_POLICY_FLAGS_PAD_MASK); |
d5d0e8c7 MH |
475 | |
476 | if (ctx == NULL) | |
477 | return -EIO; | |
478 | if (!(ctx->has_valid_key)) | |
479 | return -EACCES; | |
480 | ciphertext_len = (namelen < EXT4_CRYPTO_BLOCK_SIZE) ? | |
481 | EXT4_CRYPTO_BLOCK_SIZE : namelen; | |
a44cd7a0 | 482 | ciphertext_len = ext4_fname_crypto_round_up(ciphertext_len, padding); |
d5d0e8c7 MH |
483 | ciphertext_len = (ciphertext_len > ctx->lim) |
484 | ? ctx->lim : ciphertext_len; | |
485 | return (int) ciphertext_len; | |
486 | } | |
487 | ||
488 | /** | |
489 | * ext4_fname_crypto_alloc_obuff() - | |
490 | * | |
491 | * Allocates an output buffer that is sufficient for the crypto operation | |
492 | * specified by the context and the direction. | |
493 | */ | |
494 | int ext4_fname_crypto_alloc_buffer(struct ext4_fname_crypto_ctx *ctx, | |
495 | u32 ilen, struct ext4_str *crypto_str) | |
496 | { | |
497 | unsigned int olen; | |
a44cd7a0 | 498 | int padding = 4 << (ctx->flags & EXT4_POLICY_FLAGS_PAD_MASK); |
d5d0e8c7 MH |
499 | |
500 | if (!ctx) | |
501 | return -EIO; | |
a44cd7a0 TT |
502 | if (padding < EXT4_CRYPTO_BLOCK_SIZE) |
503 | padding = EXT4_CRYPTO_BLOCK_SIZE; | |
504 | olen = ext4_fname_crypto_round_up(ilen, padding); | |
d5d0e8c7 MH |
505 | crypto_str->len = olen; |
506 | if (olen < EXT4_FNAME_CRYPTO_DIGEST_SIZE*2) | |
507 | olen = EXT4_FNAME_CRYPTO_DIGEST_SIZE*2; | |
508 | /* Allocated buffer can hold one more character to null-terminate the | |
509 | * string */ | |
510 | crypto_str->name = kmalloc(olen+1, GFP_NOFS); | |
511 | if (!(crypto_str->name)) | |
512 | return -ENOMEM; | |
513 | return 0; | |
514 | } | |
515 | ||
516 | /** | |
517 | * ext4_fname_crypto_free_buffer() - | |
518 | * | |
519 | * Frees the buffer allocated for crypto operation. | |
520 | */ | |
521 | void ext4_fname_crypto_free_buffer(struct ext4_str *crypto_str) | |
522 | { | |
523 | if (!crypto_str) | |
524 | return; | |
525 | kfree(crypto_str->name); | |
526 | crypto_str->name = NULL; | |
527 | } | |
528 | ||
529 | /** | |
530 | * ext4_fname_disk_to_usr() - converts a filename from disk space to user space | |
531 | */ | |
532 | int _ext4_fname_disk_to_usr(struct ext4_fname_crypto_ctx *ctx, | |
5de0b4d0 TT |
533 | struct dx_hash_info *hinfo, |
534 | const struct ext4_str *iname, | |
535 | struct ext4_str *oname) | |
d5d0e8c7 | 536 | { |
5de0b4d0 TT |
537 | char buf[24]; |
538 | int ret; | |
539 | ||
d5d0e8c7 MH |
540 | if (ctx == NULL) |
541 | return -EIO; | |
542 | if (iname->len < 3) { | |
543 | /*Check for . and .. */ | |
544 | if (iname->name[0] == '.' && iname->name[iname->len-1] == '.') { | |
545 | oname->name[0] = '.'; | |
546 | oname->name[iname->len-1] = '.'; | |
547 | oname->len = iname->len; | |
548 | return oname->len; | |
549 | } | |
550 | } | |
551 | if (ctx->has_valid_key) | |
552 | return ext4_fname_decrypt(ctx, iname, oname); | |
5de0b4d0 TT |
553 | |
554 | if (iname->len <= EXT4_FNAME_CRYPTO_DIGEST_SIZE) { | |
555 | ret = digest_encode(iname->name, iname->len, oname->name); | |
556 | oname->len = ret; | |
557 | return ret; | |
558 | } | |
559 | if (hinfo) { | |
560 | memcpy(buf, &hinfo->hash, 4); | |
561 | memcpy(buf+4, &hinfo->minor_hash, 4); | |
562 | } else | |
563 | memset(buf, 0, 8); | |
564 | memcpy(buf + 8, iname->name + iname->len - 16, 16); | |
565 | oname->name[0] = '_'; | |
566 | ret = digest_encode(buf, 24, oname->name+1); | |
567 | oname->len = ret + 1; | |
568 | return ret + 1; | |
d5d0e8c7 MH |
569 | } |
570 | ||
571 | int ext4_fname_disk_to_usr(struct ext4_fname_crypto_ctx *ctx, | |
5de0b4d0 | 572 | struct dx_hash_info *hinfo, |
d5d0e8c7 MH |
573 | const struct ext4_dir_entry_2 *de, |
574 | struct ext4_str *oname) | |
575 | { | |
576 | struct ext4_str iname = {.name = (unsigned char *) de->name, | |
577 | .len = de->name_len }; | |
578 | ||
5de0b4d0 | 579 | return _ext4_fname_disk_to_usr(ctx, hinfo, &iname, oname); |
d5d0e8c7 MH |
580 | } |
581 | ||
582 | ||
583 | /** | |
584 | * ext4_fname_usr_to_disk() - converts a filename from user space to disk space | |
585 | */ | |
586 | int ext4_fname_usr_to_disk(struct ext4_fname_crypto_ctx *ctx, | |
587 | const struct qstr *iname, | |
588 | struct ext4_str *oname) | |
589 | { | |
590 | int res; | |
591 | ||
592 | if (ctx == NULL) | |
593 | return -EIO; | |
594 | if (iname->len < 3) { | |
595 | /*Check for . and .. */ | |
596 | if (iname->name[0] == '.' && | |
597 | iname->name[iname->len-1] == '.') { | |
598 | oname->name[0] = '.'; | |
599 | oname->name[iname->len-1] = '.'; | |
600 | oname->len = iname->len; | |
601 | return oname->len; | |
602 | } | |
603 | } | |
604 | if (ctx->has_valid_key) { | |
605 | res = ext4_fname_encrypt(ctx, iname, oname); | |
606 | return res; | |
607 | } | |
608 | /* Without a proper key, a user is not allowed to modify the filenames | |
609 | * in a directory. Consequently, a user space name cannot be mapped to | |
610 | * a disk-space name */ | |
611 | return -EACCES; | |
612 | } | |
613 | ||
5b643f9c TT |
614 | int ext4_fname_setup_filename(struct inode *dir, const struct qstr *iname, |
615 | int lookup, struct ext4_filename *fname) | |
d5d0e8c7 | 616 | { |
5b643f9c TT |
617 | struct ext4_fname_crypto_ctx *ctx; |
618 | int ret = 0, bigname = 0; | |
619 | ||
620 | memset(fname, 0, sizeof(struct ext4_filename)); | |
621 | fname->usr_fname = iname; | |
d5d0e8c7 | 622 | |
5b643f9c TT |
623 | ctx = ext4_get_fname_crypto_ctx(dir, EXT4_NAME_LEN); |
624 | if (IS_ERR(ctx)) | |
625 | return PTR_ERR(ctx); | |
626 | if ((ctx == NULL) || | |
d5d0e8c7 MH |
627 | ((iname->name[0] == '.') && |
628 | ((iname->len == 1) || | |
629 | ((iname->name[1] == '.') && (iname->len == 2))))) { | |
5b643f9c TT |
630 | fname->disk_name.name = (unsigned char *) iname->name; |
631 | fname->disk_name.len = iname->len; | |
632 | goto out; | |
d5d0e8c7 | 633 | } |
5b643f9c TT |
634 | if (ctx->has_valid_key) { |
635 | ret = ext4_fname_crypto_alloc_buffer(ctx, iname->len, | |
636 | &fname->crypto_buf); | |
637 | if (ret < 0) | |
638 | goto out; | |
639 | ret = ext4_fname_encrypt(ctx, iname, &fname->crypto_buf); | |
640 | if (ret < 0) | |
641 | goto out; | |
642 | fname->disk_name.name = fname->crypto_buf.name; | |
643 | fname->disk_name.len = fname->crypto_buf.len; | |
644 | ret = 0; | |
645 | goto out; | |
5de0b4d0 | 646 | } |
5b643f9c TT |
647 | if (!lookup) { |
648 | ret = -EACCES; | |
649 | goto out; | |
5de0b4d0 TT |
650 | } |
651 | ||
5b643f9c TT |
652 | /* We don't have the key and we are doing a lookup; decode the |
653 | * user-supplied name | |
654 | */ | |
655 | if (iname->name[0] == '_') | |
656 | bigname = 1; | |
657 | if ((bigname && (iname->len != 33)) || | |
658 | (!bigname && (iname->len > 43))) { | |
659 | ret = -ENOENT; | |
d5d0e8c7 | 660 | } |
5b643f9c TT |
661 | fname->crypto_buf.name = kmalloc(32, GFP_KERNEL); |
662 | if (fname->crypto_buf.name == NULL) { | |
663 | ret = -ENOMEM; | |
664 | goto out; | |
665 | } | |
666 | ret = digest_decode(iname->name + bigname, iname->len - bigname, | |
667 | fname->crypto_buf.name); | |
668 | if (ret < 0) { | |
669 | ret = -ENOENT; | |
670 | goto out; | |
671 | } | |
672 | fname->crypto_buf.len = ret; | |
673 | if (bigname) { | |
674 | memcpy(&fname->hinfo.hash, fname->crypto_buf.name, 4); | |
675 | memcpy(&fname->hinfo.minor_hash, fname->crypto_buf.name + 4, 4); | |
676 | } else { | |
677 | fname->disk_name.name = fname->crypto_buf.name; | |
678 | fname->disk_name.len = fname->crypto_buf.len; | |
679 | } | |
680 | ret = 0; | |
681 | out: | |
682 | ext4_put_fname_crypto_ctx(&ctx); | |
d5d0e8c7 MH |
683 | return ret; |
684 | } | |
685 | ||
5b643f9c | 686 | void ext4_fname_free_filename(struct ext4_filename *fname) |
d5d0e8c7 | 687 | { |
5b643f9c TT |
688 | kfree(fname->crypto_buf.name); |
689 | fname->crypto_buf.name = NULL; | |
690 | fname->usr_fname = NULL; | |
691 | fname->disk_name.name = NULL; | |
d5d0e8c7 | 692 | } |